We performed a comparison between Cisco ISE (Identity Services Engine) and CyberArk Endpoint Privilege Manager based on real PeerSpot user reviews.
Find out what your peers are saying about Cisco, HPE Aruba Networking, Forescout and others in Network Access Control (NAC)."From a configuration point of view, it's simple."
"The feature that I found most valuable is profiling. We use that to profile certain types of devices, and then depending on the manufacturer, drop them into the appropriate VLAN without us having to go in and manually add the devices."
"The most valuable features are the NAC and the bundles that are available with Cisco ISE, such as Cisco ACS being integrated."
"Typically, the installation is pretty simple."
"Improves switch account management."
"The TACACS and RADIUS have been the most valuable features so far."
"The features that do work, work well, and we use it on a daily basis."
"It has allowed us to pull in multiple authentication databases, then centralize them into a captive portal system."
"The most valuable feature of the solution is its performance."
"The feature called PTA, which stands for Privileged Threat Analytics keeps track of what admins are doing and works with Centimeters. If something fishy is going on with a user's credentials, it alerts the security team so they can act fast. Plus, it automates stuff like resetting credentials or blocking users. So, if there's a potential hack, CyberArk can change passwords and lock out users in a snap. It also gives you a heads-up if anything unusual is going on with server activities, like someone creating new users with uncontrolled credentials."
"You can use it to strip users of their local admin rights and, at the same time, elevate applications for them."
"We were able to reduce the number of privileged accounts by 50%, which helped to simplify our privileged access management environment."
"The most valuable feature is that it does lifecycle management and that it will change to whatever the end target is."
"It has drastically reduced the attack surface for local administrative rights and the chance of escalation of privilege. We've removed, at this point, close to 98 percent of the local administrative accounts on workstations. If there were an incident, it would stop at that point and we'd be able to know."
"The solution's technical support is good."
"The solution allows me to give access and privileges to each user individually"
"The upgrades could be better. Every time we try to do an upgrade, we have problems. It's a pain."
"The opinion of my coworkers, and it's mine as well, is that the user interface could use some tender loving care. It seems counterintuitive sometimes. If you go to the logs, it's hard to figure out which one you need to look at."
"The price here in Brazil is very expensive."
"I think some areas where ISE could be better are perhaps in the number of integrations that they offer from a virtual standpoint, as well as having a better and more comprehensive pathway for the customer to go from a physical environment to a virtual one."
"I don't like the fact that we can see the logs only for 24 hours. Maybe that happens because of the way we set it up."
"The one main thing that it can improve on is the GUI. As the newest addition to the team, I struggle a little bit to get around it just because it has so many features."
"A main issue is that the upgrade process, over time, is extraordinarily fragile. Repeatedly, over the past several years, when we've tried to upgrade our Cisco ISE implementation, the upgrade has broken it. Ultimately, we have then had to rebuild it because we need it."
"The knocks I have against the product are the number of bugs that we encounter, constantly, and the amount of upgrading that we have to do."
"CyberArk Endpoint Privilege Manager is not suitable for the current situation because when you compare it to OTP, OTP is the strongest password solution. You can use it as a one-time password, but you have to log into the password manager itself and if you don't change your password, it will be the weakest link in the security. In OTP, you don't have that weakest link."
"CyberArk Endpoint Privilege Manager can be better by making its UI more consistent."
"The solution's pricing could be better."
"Can be improved by allowing computers to be excluded from policies."
"It is hard to deal with technical support if you are not certified."
"Compared to other tools like Linux, this solution isn't as user-friendly."
"It's an old product and has many areas that can be improved."
"CyberArk has some performance issues. For example, servers could not handle the solution when we first took CyberArk Endpoint Privilege Manager."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
More CyberArk Endpoint Privilege Manager Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while CyberArk Endpoint Privilege Manager is ranked 6th in Privileged Access Management (PAM) with 27 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while CyberArk Endpoint Privilege Manager is rated 8.0. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of CyberArk Endpoint Privilege Manager writes "Offers integrated solutions and expands its capabilities through strategic acquisitions". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and Fortinet FortiAuthenticator, whereas CyberArk Endpoint Privilege Manager is most compared with Microsoft Defender for Endpoint, BeyondTrust Endpoint Privilege Management, CrowdStrike Falcon, CyberArk Privileged Access Manager and Trellix Endpoint Security.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.